Bug 1534061 (CVE-2018-5702)
| Summary: | CVE-2018-5702 transmission: Remote code execution (RCE) in rpc session-id via dns rebinding attack | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED UPSTREAM | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | admiller, denis, gwync, helio, jspaleta, kumarpraveen.nitdgp, raghusiddarth, sanjay.ankur, sasansiasati |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-06-08 03:37:02 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1534062, 1534063 | | |
| Bug Blocks: | | | |

Description
Laura Pardo
2018-01-12 23:21:23 UTC
Created transmission tracking bugs for this issue:

Affects: epel-all [bug 1534063]
Affects: fedora-all [bug 1534062]

Hi there,
Please update Transmission on RHEL7, because there were some connectivity and stability issues that are solved in version 2.94 (May 1, 2018; 10 months ago), but there is no update available yet! So please update this to 2.94 on RHEL7.
Regards

Instead of commenting on unrelated bugs, you should open a separate bug for your request against the right product and component:

https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=transmission&version=epel7

(The above is the guess that you're using packages from EPEL7, as transmission is not part of Red Hat Enterprise Linux.)

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.